Wireless APs in Homebrew Coffee Shops?

An anonymous reader writes "Having seen lots of complaints about the overpriced T-Mobile Wireless APs in Starbucks ($10/hr) got me thinking about setting up a wireless AP for the small, family-owned coffeeshop in my town under the tip jar model. I'm assuming ~$100 for the router, ~$500 for a PC to use to control quotas (to prevent over-zealous Kazaa users, block spammers and script kiddies and other would-be abusers) - but what software should I be using? Do enough people have 802.11a/g cards that it would be worth it to invest in that rather than an 802.11b router?" Has anyone considered making a Linux distribution for use by cybercafes, to handle wireless access and anything else such an outfit might need?

"Since this is a medium (50,000-ish) size town, and pretty much everyone in the coffee shop is a regular, would a tip jar model work? I'm figuring suggest a donation - what should I set that at?

Finally, keep in mind that the owner is not a geek - I'd be doing this when not studying (I'm a college student), so this would be set up over the summer, and most of the maintenance would be done on the weekends and/or via SSH.

Any other thoughts would be appreciated."

Check out Austin wireless

[yar]

http://www.austinwireless.net/cgi-bin/index.cgi
T hey've got several low-cost setups all around the Austin area.

wep key on receipt!

[realyendor]

Print the WEP key on the receipt, and change it daily.

Re:wep key on receipt!

[Joe+U]

That's a great idea for us geeks, but too complex for the average Joe.

Tech support would eat up too much time.

Re:wep key on receipt!

[Golias]

Anybody wired enough to feel they need their laptop with them when they are drinking coffee at a mom & pop cafe is probably one of us geeks... at least, enough of one to know how to set a WEP key.

Re:wep key on receipt!

[nolife]

Don't be so sure, geeks can figure it out but the business types that have wireless will not. We have wireless in our office. We set the users up for use in our office but we get tons of calls because they can not get it working at the airport, client sites, Starbucks, hotels, and even at their own house. Some of them even have problems getting the wired rj45 working at those same locations which requires no configuration.

Re:wep key on receipt!

I would agree with you if the customers could benefit from the encryption, but since WEP doesn't support per-connection keys, they gain no security. A WEP key is (registration key kind of) long, so even if the customers know how to set it, it is an unnecessary burden. I'd hand out short simple one-time passwords with every beverage. Then redirect new/expired MAC addresses to a webpage where the customer enters the password (use HTTPS), upon which the webserver grants access for a limited time. This way you keep complete freeloaders and people who would make camels proud out. Don't use WEP, it creates a false sense of security.

Re:wep key on receipt!

[Perl-Pusher]

Just block the IP ports. You can block mail ports , kaaza etc. Hell block everything except http,https,ftp and DNS.That will stop anyone from abusing it, it can usually be setup in the wireless gateway/router.

I have a linksys system in my home that is working fine in that capacity, plus by putting the router in a location low only about 4-5 feet off the ground, you pretty much limit the working range to just inside your establishment. If you use 2 routers one wireless one not, you can block access to the companies computers to the wireless users again it can be done on the routers themselves, no extra PC needed.

Re:wep key on receipt!

Don't block UDP/500<->UDP/500 (ISAKMP), UDP/4500<->UDP/4500 (NAT-T), IP protocol 50 (ESP) and IP protocol 51 (AH). Same goes for TCP/1723 and IP protocol 47 (GRE). You don't want to keep out business people who need to access the company (IPSec/PPTP) VPN.

Re:wep key on receipt!

[Ryosen]

As stated below, modifying the WEP key is beyond a large percentage of users. A better approach would be to use your gateway box as a proxy server (which you would be doing anyway) and use a common logon id. Change the password for the account daily and print the day's user id and password on the receipt.

Users are much more familiar with this approach and it is no more complex (less actually) than the revolving WEP.

Re:wep key on receipt!

[curtlewis]

Don't block SMTP or POP thank you. Block my mail and I won't be a happy wi fi customer.

Re:wep key on receipt!

[frostman]

What if your cash register won't easily print custom strings on the receipt? Or you don't want your staff messing with the cash register settings?

Assuming you have your router/firewall nicely blocking abusable ports, you could just write the WEP key on a card by the tip jar. Smaller than the "Support Community Internet" sign of course ;-)

A lot of routers support ASCII keys, so the staff can think up funny ones to use and the customers won't have to sit by the tip jar while entering the key.

As for "no access without purchase" or somesuch, think of it like reading the magazines. If someone plops down to surf and is too cheap to buy a coffee, it's at the staff's discretion to tolerate them or not. Same for excessive downloading - just like if someone's hogging all the magazines, it's usually enough to just point it out to them.

I would also put a nice silent little mini-itx system somewhere so the staff can easliy change the WEP key a couple times a day and can check e-mail when bored. And I'd have that little station free for customers too, just don't hog it.

A good way to prevent hogging of a free terminal in a cafe is to make it a little conspicuous. You have to stand up to use it, and there's no way to really hide what you're doing from others. Have a place to put down your coffee but no workspace. I've seen this done and it works great - people check their email or look something up on the net and don't stand there forever preventing others from using it.

As for the technology, 802.11b is probably enough for any normal sized community cafe, but you'd want g for bigger college-town setups.

I think it's a Good Thing for the customers who don't already know about WEP to at least learn enough to change the key. Print up a little flyer with simple explanations and a bit of propaganda about open-source and community networking, etiquette, etc.

And of course the little stand-up terminal should run a sweet desktop Linux (or *BSD), which would likely be a first impression of free software for a lot of people.

You're ready to go for under $500 plus the broadband fees.

Man, now I just need to open a cafe!

Re:wep key on receipt!

[austad]

Don't block UDP/500UDP/500 (ISAKMP), UDP/4500UDP/4500 (NAT-T)

Actually, NAT-T ports vary between vendors. Cisco uses 10000, Nortel uses 10001 or 10002. And the admin of the VPN concentrator can change that to whatever port he wants. Just allow all UDP through and it will work fine.

Re:wep key on receipt!

[Angst+Badger]

Hell block everything except http,https,ftp and DNS.

Great, so you can browse the web and transfer files to insecure sites. But then you can't send or receive mail, make secure file transfer (scp) or shell (ssh) connections, or use any kind of instant messaging client. In other words, if your idea of internet access is limited to passively absorbing web pages, you're covered, but if you were thinking of actually doing anything, it's useless.

If you want to avoid abuse of a tiny wireless network, what you're mostly going to be concerned about is bandwidth consumption. There are quite a few tools for controlling bandwidth consumption under Linux; check them out. If you aren't providing all available bandwidth to the first user who tries to hog it, neither Kazaa abusers or coffee-swilling part-time spammers are going to cause you much grief.

If you want to get a bit more fine-grained than that, there are a buttload of tools to help you monitor what your users are doing, and many of them are scriptable and can set off some kind of alarm if someone is behaving badly.

In any event, you'll offer a much better service if you block only those things which you want to always avoid from the outset, and install tools to help you detect and interrupt the occasional abuse of otherwise innocuous services.

I think your estimates are way too high

[IronTek]

You can get 802.11b routers for 20 bucks AR now (and why bother with g if it's a tip-jar method).

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

With those kinds of prices, the coffee shop should go for it!

Re:I think your estimates are way too high

[The+One+KEA]

That sounds reasonable - I run a dedicated Linux firewall on a P-!!! 933MHz with 512MB PC133 SDRAM on a Soyo SY-7VEM, and it works quite nicely as a firewall, Samba master browser and DNS server. The processor, mobo, and case (with PSU) came out to approx. $300, IIRC.

The parent was right - try going to a nearby computer show, you'll probably find something fairly cheap that will do the trick.

Re:I think your estimates are way too high

[Golias]

Or, for that matter, pick up a used X-Box for about $125 and use the 007 hack to load Linux on it. Then you don't have a PC tower taking up precious restaurant space, just a tiny game console tucked under the counter somewhere.

Re:I think your estimates are way too high

[tallman68]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Unless you want to put in 2 radios, but this is tip jar.

Re:I think your estimates are way too high

[Aardpig]

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

One caveat, however, which has bitten me on the ass before. Some wireless cards (esp. ones made by D-Link) are designed for use with PCI 2 compliant motherboards. Unfortunately, most Pentium III motherboards are based on PCI 1, and won't even "see" a PCI 2 card. Accordingly, before you shell out on a 802.11b PCI card, check that it will work in your "legacy" machine.

Re:I think your estimates are way too high

[djqed]

I don't even think the coffee shop would need to charge anything for it - no tip jar or anything. I go regularly to a cafe in my city (SF) which has free WiFi. The cafe is nearly always comfortably full - not impossible to get a table, but most seats are taken. Meanwhile, other cafes around town which charge for access or have no access at all are nearly empty during a weekday. I think the increased business from having the service would pay for itself in one or two days of extra sales. You could argue that WiFi encourages people to sit there for hours on 1 coffee, but personally if I'm there for a few hours or more I get a sandwich and a cookie in addition to my 2 drinks, which I would never pay for at this coffee shop otherwise.

Re:I think your estimates are way too high

[Lumpy]

you can do it with far less hardware.

802.11b is the absolute maximum you should go. it's silly to go higher when your Internet access is slower than 802.11b with 10 users on that same access point.

next you need a firewall, a P-1 166 will do it perfecly and handle twice the load that you will ever see ... this is a freebie most anywhere... no hard drive needed just get frasierwall or freesco single floppy firewall distros... you MUST firewall off your wireless from you and your internet... consider it more hostile than the internet ever could be.

now go to here and get their system that works great and will solve most all your worries.

Oh and be sure to survey your entire area to be sure there is good access in every sitting location but not much available outside your desired coverage area.

basically, if you already have a commercial T-1 or other business level internet access in your building you can get it installed and running for less than $200.00 in hardware and a couple of weekends of time.

Re:I think your estimates are way too high

[possible]

People have had good luck with the Soekris hardware for these types of applications. In particular, they make tiny x86 computers that you can mount on the wall, they are optimized for wireless applications (they run Linux, *BSD) and they have very low power consumption and no moving parts. TechTV ran an article on how to build a Linux-based WAP with the Soekris Net4521.

I've been using one of their older models, the Net4501, for over a year now as an OpenBSD firewall. It's nice to have a configurable firewall in my home office that makes zero noise whatsoever.

Re:I think your estimates are way too high

it would be insane to use a PCI card. use a Accesspoint and then an ethernet card in the pc.

cheaper, 802.11b accesspoints are $20.00 at best buy. pci cards that are linux compatable, are much harder to find, and are usually more expensive.

never EVER use a wireless pci card for anything except long range link points.

Re:I think your estimates are way too high

[arth1]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Modern 802.11g equipment, i.e. everything made or flashed after the standard was finalized, will support CTS. In a mixed b/g environment, this ensures that any device being cleared to send will be able to do so at its full speed.

What's more detrimental to speed is if someone talks on a 2.4GHz cordless phone or nukes something in the microwave.

Regards,
--
*Art

Re:I think your estimates are way too high

[vees]

I agree completely! Remember the ComputerWorld article about wireless access at Panera Bread restaurants?

In fact, Shaich considers free Wi-Fi to be such an essential marketing tool that he dismisses any discussion of ROI. "What is the ROI on a bathroom?" asked Shaich, pointing out that the day of pay restrooms in restaurants has long since passed.

Perhaps just amend the note on the tip jar: "For excellent service AND wireless access!"

router

[Anarke_Incarnate]

Well....figure on it this way. Each router or access point does not give 11mb (more like 3-6mb in actuality) to each node, but they end up sharing it. I suggest you invest in a switch, a regular router and some access points.

Re:router

[Rhys]

Figure it's all going through a 150kb uplink and you're worried about the wireless bandwidth?

cafe software

[computerme]

this is not exaclty what you asked for but if you start to add more internet stations to the mix maybe you will need something like this:

http://www.baspe.com/baspecafe.html

Re:cafe software

[tindur]

My mother has a small cafe and she is getting an ADSL line there. Does a solution exist for putting Linux and a browser on a pc so that the guests could surf but not do any harm? Could you start a browser instead of a window manager? Would if be possible to use codes for surfing? You wouldn't want any one person to hog the machine...

Re:cafe software

[Pionar]

Here is a mozdev project designed to do just that.

Try Sputnik...

[drdreff]

http://www.sputnik.com/ has more of what they are doing now, but 18 months ago I was using their boot-cd linux distro on a laptop to create an AP.

802.11b for compatability

[Anti_Climax]

Even if a lot of people have 802.11a/g cards, you'd probably be best served with 802.11b equipment. It's compatible with the most systems, and serving up broadband to multiple users, you'll probably still have a hard time saturating it to a noticible degree in a coffee shop setting.
Just my $0.02

But what would you call it?

[madgeorge]

Java Desktop System is taken, I believe. :)

I've done something similar...

[Binestar]

You can do what you are looking to do very inexpensively (not counting time) if you get a Linux supported PCMCIA card and a Toshiba SG-20. The SG-20's are available for ~$200 (Cheaper on ebay I'm sure) and they have a built in 7 port hub, 1 external interface, and a PCMCIA slot which you can put the wireless card into and setup an ad-hoc network for wireless users.

I currently use the SG-20's for a managed firewall solution for small businesses which I run Gentoo on. (You can substitute your Distribution of choice of course)

Re: Popularity

[Silverkm]

What kind of popularity are you expecting?
20 people sharing a single dsl/cable line would not be very practical, so you would have to factor in the cost of a faster internet connection.

Do enough people have 802.11a/g

If you go with 802.11g router it will support both b/g and if you go for a 802.11b router, almost all 802.11g cards will support it.
Although, 802.11g built in cards, (most new notebooks) from my experiance have a hard time connecting to 802.11b. As for 802.11a, forget it, because no one will have a card for this, and it's rare that there is any compatability, because it using the 5 ghz frequency

Building Wireless Community Networks

[aheath]

O'Reilly Associates has a book on this topic called Building Wireless Community Networks. The Second Editon was published last June. The ISBN is 0-596-00502-4.

I have not read the book, but I have looked at the table of contents and the index. The book looks to be a designed to answer many of the questions that you have asked. Hopefully someone on Slashdot has read the book and can tell you if it will help you in your effort to set up a wireless network at your local coffee shop.

use a FreeBSD Access Point

[Chuck+Bucket]

Get a WiFi card (I got a Netgear MA311 refurb from Fry's for 30$), an old PC, configure it running FreeBSD to serve as an access point for your wireless network. Here's a great HOWTO:

Configuring a FreeBSD Access Point for Your Wireless Network

CB

NoCatAuth is all you need

[specht]

See the Linux Journal article at http://www.linuxjournal.com/article.php?sid=6887

Re:NoCatAuth is all you need

[nehril]

a local coffeeshop does just this. they dont use WEP (useless overhead) and it's all 802.11b (why go for the lower range of a or g when you are only sharing a 1.5m DSL uplink anyway??). at the register they have a bunch of preprinted username/password cards you buy for $8 (they are obviously computer generated, each userid/password is unique). $8 buys you an hour, $20 buys you an all-day access card, and I think $30 buys you an all-month.

The first time you connect to any website you are redirected to a local webserver that prompts you for your name/pass. you key it in, and now your mac or ip is "authorized," and the rest of your connection is completely unrestricted. You cant do anything else until you login to their web server, and once you log in your ID is "used up."

pretty slick, since it requires zero geekness for whoever is at the register, they just sell cards like any other product. I'm pretty sure their backend is based on nocatauth

OpenBSD is your friend

[isa-kuruption]

Forget about making a Linux distro for this, everything you want to do is available within OpenBSD 3.4 and it's pf software. Basic packet filtering, NAT, user quotas and general bandwidth managment. OpenBSD 3.4 also comes with BIND9 and ISC's DHCP daemon for serving up IP addresses. Best of all, you can do it for the cost of a $100 PC you pick up at the local computer show (say a pentium pro or an earlier pentium II).

Re:OpenBSD is your friend

[damm0]

If the person asking the question knew enough about the unix way to use OpenBSD, they wouldn't have asked the question in the first place.

The "tip jar business model"

[NateKid]

kinda reminds me of people who plan to make a profit giving software away for free...

Start small

[jcsehak]

I'd start with b, and if the service pays for itself (ie, if people are cool about the tip jar), upgrade to g later, and put a sign up like "the program's a success, so I upgraded!" That way people'll feel like their tips are really contributing.

Thoughts

[Some+guy+named+Chris]

First, if you don't pay more money per month for "resellable bandwidth", then you are in a legal gray area. Your generic office class DSL service is not resellable, so I'd avoid actually charging. You might be able to get away with a tip jar, but I'd forget about charging for the service.

Giving it away free also simplifies administration, and can be seen as an easy and cheap promotion to attract customers.

Secondly, with 802.11g routers costing $79, cost isn't much of an issue. This is a business expense, go ahead and pony up the $30 extra bucks for a decent piece of equipment.

Re:Thoughts

Just letting customers (i.e. individuals who are not employees or contractors of the business) is against most business ISP T&Cs, and can get the coffee shop into a world of trouble.

The most likely outcome is the ISP hitting them with a bill for the bandwidth they've used (probably at a low monthly flat-rate) at a "resale" price, which is probably much more than they could afford.

And they're much more exposed to this or worse action than a poor "judgement proof" college student. The poster mentioned that the owners are not "geeks", and they're also probably not lawyers, so try not to get them in legal hot water.

(Sorry about AC, away from my main computer)

Re:Thoughts

[Dorktrix]

Also, as anyone who survived the dot com bust realizes, businesses should stick to their core competency. A coffee shop should not become an ISP. Offer Internet access to attract more customers and sell more coffee, not to make money on the Internet access. Consider it an investment in your core business of attracting coffee-drinking customers.

I for one know that I end up drinking a few more cappuccinos when I see 300 new messages in my email inbox :)

Port blocking?

[goon+america]

to prevent over-zealous Kazaa users

Overzealous Kazaa users? There is some amount of Kazaa usage you'd allow in your coffeee shop? You don't really need a PC to do sophisticated packet filtering... why not just block the ports that Kazaa uses? I also don't know how you could "filter" vaguely defined script kiddie activity.

My wireless-basestation-included broadband router cost $55 with a $20 rebate, and you can block ports and ban MAC addresses with it (you have to assign the MAC address to a certain ip range, and then block that ip range), btw.

Personal Telco Project of Portland Oregon

[tomwhore]

A lot of what your talking about has been deployed to over 20 buisness locations and a horde more home sites here in Portland Oregon by a group called the Personal Telco Project.

http://www.personaltelco.net

We use NoCat on linux based boxes and it covers most of what your looking to do. You can set up Auth or simply a Splash, you can do throttling, shaping and the like, you can set up local content areas for biz and community use.

Its amazing what older PCs and low cost APs can do. Most of the stuff is easy to install, the few rough spots, like NoCat, have been feild tested and methodologies have been crafted to make it easier to set and and maintain.

Come on over to the url posted above for more information or head to #ptp on irc.freenode.net and ask for more info.

Re:Personal Telco Project of Portland Oregon

[tomwhore]

From real world building ( thanks PTP) here are some rough numbers as far as cost

Old 133cpu computers + Linksys wrt54g + 12dbOmni = Low Cost Wireless Networking

Old 133 Computer with a nic 1gigHD,soundcard, etc=about 40$ from freegeek.org

WRT54g = about 80$

12dbOmni= about 40$

parts(mount, cable,etc)= about 40$

Linux = about $0

Total Cost = about 200$

This gets you a set up that can server some web pages, act as an Auth or Splash gateway, get some great coverage and even play up some mp3s.

Coffee house cool meets DIY down home goodness.

www.personaltelco.net

Plug Plug Plug

[FatRatBastard]

In my old neighborhood the local indi coffee house is Common Grounds. They have set up something similar (free access, tip jar to help pay). It couldn't hurt to drop them an e-mail and see how they've set things up.

OpenBSD, pf, ALTQ

[Beryllium+Sphere(tm)]

Traffic shaping is available by default and pretty easy to set up, and it runs well on cheap old hardware. You could invest a lot of effort hardening a Linux install to match what OpenBSD has by default.

There's provision for requiring authentication on wireless connections. Even with a tip jar model you may want that.

Keep WEP turned off (yes, you just heard that from a security consultant!). WEP doesn't match your security model 'cause it assumes everyone using the same key trusts each other. Since it doesn't do what you need, it's not worth the cost in inconveniencing the customers.

Turn the power down on the access point. No need to provide service to people across the street or down the block.

Why PC?

[po8]

Seems to me that the PC is just another expensive thing to break. Look for a high-end wireless router that will supply whatever functionality you need in a self-contained box, and leave the PC out of it, at least until some need actually presents itself. You can probably find a decent router for under $100 at current prices; still much cheaper and simpler than $20 router + $200 PC.

Go for cheap/reliable before speed...

[stienman]

I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.

Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.

Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.

Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.

-Adam

Semi-honor system....

[stuartkahler]

I assume that you are doing this to bring more people into you shop or keep them there longer, rather than trying to make a killing selling the net access...

I would suggest changing the password daily, and giving it away free to people who spend $5+ (?) when they come in. Anyone else can pay 50 cents extra for it. It would be sort of an honor thing for people to not pick up a slip laying around and surf free.

I think anything that requires you to give out individual passwords would require you to raise your price on access by $1 just to cover the administration. If you don't change passwords regularly, people in neighboring businesses are likely to start using your connection.

Keep in mind that you will be providing a connection that could be popular with people trading kiddie porn if you are not careful. I would recommend putting a bandwidth cap of 128/16kbps or 256/16kbps to keep the roaches off you net.

Hopefully you already realize that you will be violating the TOS for any household internet account. Buying a business account will likely double the ISP cost.

Keep the administrative costs down

[maya]

I set up a wireless system at the Brew House in Cincinnati, which gets a fair amount of use and which has helped bring new customers into a neat neighborhood bar. When we first set the system up, we had all sorts of rules and regulations, and we were putting considerable effort into keeping track of who was allowed to use the system and making sure that users were "registered". We dropped all that, because it just wasn't worth it. Our costs for the connection are fixed, and the more people who use it, the better we like it. Now there are just four rules: keep it legal, keep it clean, keep it civil, and have fun. And we rely on the honor system to enforce those.

With regard to 'g' vs 'b' standards, the only purpose for the wireless router in a pub or cafe is to connect to the Internet, and a faster network doesn't improve that connection. Even at cable modem speeds, the Internet connection is still considerably slower than an 802.11b LAN.

For the Brewhouse system, we scavenged a couple of old PCs from customers and loaded Linux on them, and we got a wireless router on sale at MicroCenter for $40. The cost of a business connection to our local cable is the most significant cost we incur, and the proprietor thinks that is worth the buzz it creates, even if it didn't attract new customers.

Richard

The solution you want to look at...

[jafo]

You clearly want to look at the Soekris small form factor computer like the 4801, mini-PCI WiFi cards such as the kits available for the Soekris at NetGate, and set them up with a 128MB CF card instead of a hard drive and install Pebble Linux on it.

The end result of this is a small integrated PC with no moving parts, and mounts it's file-system read-only so no worries about corruption, with a built-in access point. These work great, and are a bit larger than the size of a VHS casette.

I've deployed a number of these, and they are rock solid. Plus, they have advanced routing capabilities thanks to Linux, and the ability to block infected or abusive users from re-associating with the AP.

As far as going with 802.11 a or g... You must be pulling in some pretty mighty bandwidth to need to use something faster than 802.11g. Pebble includes "MadWiFi", a driver for some a/g cards, but I haven't used it.

Sean

Re:No PC

[Graff]

If anybody is hogging bandwidth, you can just tap them on the shoulder and tell them to knock it off.

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

I just did a similar setup

[squarefish]

But we're not charging and the isp (covad) requires email authentication through their servers for any smtp traffic- it would be very difficult to control web based mail.

we basically set it up as a free spot, as the owner didn't want to take any time away from the bartenders serving beer.

it's just a 1.5/384 adsl line from covad with a zyxel prestige 645 and a linksys wap54g- g is easy because it's fully compatble with b and only a slight price increase, I wouldn't mess with a.

zyxel makes a great 'hotspot in a box' that features the reciept printer and seems to do a great job overall. I think it was about $600 at that time.

funny, I submitted a very similar 'ask slashdot' in july and it was rejected- I don't even attept to submit stories anymore, I know someone else will eventually and it will be accepted.

Re:Possible suggestion

[Gudlyf]

"...at least force people to authenticate via a "yes I won't do stupid stuff" model..."

Not to mention you'll probably want all sorts of disclaimers for people to outright accept if they're willing to risk using your network. Someone could possibly find their account had been hacked and assume it was your "mom-and-pop operation" that mishandled the data floating through the air, or that the server you setup got hacked, allowing all data to be sniffed -- with WEP, the data through the air is encrypted, but unless the user is using SSL or some other encryption, the data from the server to the internet is not encrypted.

Re:Survey

[Tenebrious1]

I lived in a small town of 50,000, and for several years I hung out at the local diner which was the closest thing to a local coffee shop. In 10 years, I was the only one to show up there with any regularity with a laptop since I was there to do more work than socialize.

I'm one who can't sit at home and get any work done, I need background noise. Still, in all those years, I very rarely needed to connect to the internet. If I did, I'd use my cell phone, just to check some facts but it wasn't a necessity.

From my experience, people, in general, don't want to surf the web when they're sitting at a coffee shop. They're mostly there to eat, drink, or socialize. At least the regulars are there to do so, which is why they're regulars. If there's an internet terminal, sure some will hop on; mostly those who need to check email or don't have internet access at home. Surfing the web seems to be a "personal" pasttime, which is why most internet cafe's died out, people just preferred to surf from home (if they had access).

Laptops are still expensive. WiFi is still in the realm of geek, slowly making it's way out to the world.

I would definitely check with the customers. The important thing is to find out how many people would use it regularly and pay regularly. I expect you'll have a lot of interest the first few months, but it'll drop off as people find they really don't need to surf the web in the 30 minutes they're at the coffee shop chatting with friends. You may only end up with a handful of dedicated users, who now sit at the coffee shop for hours.

Which brings in another problem; it's not making any money for the coffee shop if they come in and order one cup of coffee and sit there for a few hours. Coffee shop owners need to make money, and count on a turnover of tables. Have you asked the shop owners? They might not be too keen on having people around all day who just take up tables but don't order more than a cup or two of coffee. They'll dislike it even more if they have "endless" cups of coffee...

My Advice: Keep it Simple

[iiioxx]

The way I see it, you should just forget about WEP keys, filtering, tip jars, and all of that crap. You are in the coffee shop business, not the cybercafe business.

Here's what I think you should do:
1) Get the cheapest DSL connection you can find in your area.
2) Buy as few low-end 802.11b AP's as it takes to provide coverage to your shop and store front (assuming you have tables out front or something).
3) Configure the AP's for public access, and use your shop's name for your SSID.

This will provide a decent level of Internet service for your customers with the minimum of maintenance and effort on your part. Most importantly, it will let you focus on your core business, which is coffee and sundries. Think of the Internet service purely as an amenity, like piped-in music or a TV in the corner, and treat it as a cost of doing business, not a profit center. Don't worry about how good the Internet service is, just concentrate on the coffee. Most people won't complain (loudly, anyway) about the quality of an amenity they are getting for free. Just set the appropriate expectations. The key phrase is... "best effort".

This will accomplish the real objective: bringing people into your store to buy your product, and keeping them there as long as possible (because hopefully, the longer they stay, the more product they buy), while at the same time minimizing your cost and overhead of providing the amenity.

Don't bother building your own

[supremebob]

ZyXEL has already made a WAP that was designed for small business owners who want to build and bill for their own WiFi Hotspot.

It's relatively cheap, and your local coffee shop won't need a geek on-site to set up and maintain it.

You're forgetting why Starbucks charges 10/hour...

[Sefert]

Havn't you ever noticed that there's only ever one or two comfy chairs in starbucks? When people are only dropping 1-5 bucks, you can't have them sitting there taking up real estate for 3 hours. Turning customers over is a huge challenge for coffee shops - you want to maintain the appearance of being a friendly place to come and have a coffee, but dont want 20 customers sucking up your seats for the entire day either. Being that you are in a smaller locale though - this may be less of a problem than for a coffee shop in a major metropolis dropping thousands a month in rent for 800 square feet.

NoCatAuth article in Linux Journal

[hodet]

Article in Linux Journal describes the whole thing and just may be the ticket you are looking for.

http://www.linuxjournal.com/article.php?sid=6887

The skinny on b vs g

[MythoBeast]

When deciding if you're going to bother with 802.11b or g, you need to ask yourself what you're going to use it for. It is unlikely that your inbound pipeline will be more than 12mbps, and it's also unlikely that the users will want to spend a lot of time swapping files. Intranet gaming also takes much less bandwidth than this for the ten or so machines that the typical router will support. With that in mind, 802.11b should be more than adequate.

A warning, though. Don't go into this assuming that it'll be maintenance free. I run one of these for the local neighbors, and they're regularly calling me up to find out what's wrong with the connection. Run it for a month or so without charging people. This will both hook your customers on the idea of having it available, and give you the time to figure out the best location of your router, how much regular maintenance your system will take, and if it's worth your effort.

Horsecrap

[doc_traig]

My wife saw the ads (targeted toward your average laptop-toter, it seemed) for wireless access at Starbucks, so, deciding it might be a nice break to work from there instead of the house, she went only to change her mind when she discovered the price. My point is that if she was handed a receipt and told "Here's your change and your WEP key", she would have said, "Uh... what?"

College Students

[RabidChipmunk]

This is no longer true. I went to a comedy show at a local coffee house and there were at least six "stylish" females there with laptops. [No males with computers.] They weren't there for the show. They were there to write papers and socialize while they did it.

Re:College Students

[Mantorp]

where is this place? sounds too good to be true

some ideas

[r]

first off, long term maintenance will be a problem. once you move on to a better job, the owners will have to deal with the networking themselves. so build them a system that's hands-off (ie. doesn't need patches :), or that then can administer themselves.

i'd stay away from deploying your own linux-pc-based solution for as long as you can. a hardware box that includes all functionality would clearly be best, even if slightly more expensive. eg. a wireless router with bandwidth management. something that, once set up, remains easy to use. unfortunately i don't know of any specific models that would do exactly what you want. you could always talk to the manager of some starbucks, or borders bookstore, and ask them what they use. :)

second, i like the idea of not going with the subscription model. my local coffeehouse just deployed wifi (using facefive), and when they did a test run for free, it caused quite a stir - a lot of people were coming in for the internet, and i think buying more. then they switched to the subscription model (only barely cheaper than starbucks), and it stopped. :(

and while anecdotal evidence proves nothing, i just mean to say that a tip-jar model, even if it doesn't bring explicit income to cover wifi costs, should cause increased traffic, especially from students. this should translate to higher sales, and most likely also longer table occupancy. you should do a test run for three months, and see whether it pays off.

and when you do that, please post the results! :)

Read this first

[mike260]

This may affect your decision.

Best ones are free

[rblancarte]

I go to one of these places listed (JPs Java House) - they have free unlimited 802.11b access for anyone. Very nice.

Overall, I think that your idea is great. I think you are making a bit more complex than it needs to be. If you want to have quotas that is fine, but why not just put up a 802.11g router (they are cheap) and allow open access. If you want to make sure that people buy stuff to get access - they do what another post says - WEP key on reciept, changed daily (sure, not hard to get around, but more of an honor system). And sure - put up a tip jar - clearly labeled with something like "FOR THE SUPPORT OF OPEN INTERNET ACCESS" or something like that. Heck, with this setup, you could be ready to go tomorrow (not next summer).

I say just go simple. If you make access easy and pretty much open - people will come in just for that. Especially in a college campus area - simple and pretty much unlimited will probably draw a solid crowd.

RonB

Re:Best ones are free

[rblancarte]

Hell, now that I was thinking about it (and reading down some more) - this is more complex than it needs to be.

Heck, I would just provide the access via a solid wireless router. I would make it free and open to all. Block ports of known things you don't want running (KaZaa etc). That is all I would do. I would also do the tip jar just to get some extra cash to help pay for the access (but don't expect too much). And finally I would put up a clearly visible, but not obtrusive, sign that says "Free internet access provided. Security not provided." Or something to that effect that would basically let people know, if you use my access, I am not responsible what you do or what happens to your computer.

I would not worry too much about quotas or stuff like that.

One more thing - I would spend some solid money on the router - the coffee house I go to (JPs) sometimes will choke up and need to be restarted. They just have a simple Linksys one.

Re:Best ones are free

[Nykon]

A tip jar model might not hurt but I wouldnt not count that into your cost/earning budget. The first step would be to just get an 802.11b AP in, and and wait to see if people use it before you add a PC into the mix, unless you can just build or buy an older one for $100. As many failed Wifi providers have found is that people do not want to pay $10 /hr to use it, or pay at all. The best model is to offer the wifi for free. You then ask "how do you make back your money?". With in this model, you offer the wifi for free, which means more people will come to use it, and the people already using it will stay longer. As customers stay they are likely to buy food or more drinks.

Re:Best ones are free

[Tony+Hoyle]

A PC will be more controllable - you can monitor usage, etc. I have a linux box running HostAP rather than a hardware access point, which is a really flexible solution (not many access points out there have stateful firewalls on :) plus I can do things like rotate the WEP keys to stop people breaking into it.

The security bit is probably not so much of an issue for a cafe, but monitoring access (and if you do decided to charge a small fee, that'll be essential) is really useful.

Re:Best ones are free

[BroncoInCalifornia]

I go to one of these shops while my daughter takes riding lessons. It is First Street Coffee in Gilroy, CA.

They just have a DSL modem and an Apple Airport. No computer etc. This works just fine. People are not there long enough for major file sharing. I did download Open Office once while I was there.

Mudhouse in Springfield, MO

[HoldenCaulfield]

The coffee house I've been frequenting (Mudhouse in Springfield, MO) has free WiFi for anyone that comes in. No WEP, no fees, no nothing. In fact, they just have a consumer SMC access point, and I'm guessing that whoever set it up was a non-techy. Anyone can access the admin functions by using the web interface, and while there is an admin password, if you know the name of the coffeeshop, you could change that too.

So how does this work? How come they haven't been hacked or had tons of b/w leeches? I think all this works because the coffee house was a pretty decent community to start with. It serves the local college kids, is part of the monthly art walk (they act as a gallery for a local artist), and you'll usually see/hear a group of teenage/college-age church groups, and lots of people who just want to sit and chat and have coffee. There's an honor system, and it seems to work. (Case in point would be my accessing the admin functions, but not changing anything, just taking a peek to see what kind of setup they were running.)

I'd estimate the coffeeshop seats maybe 60 people, and you'll see maybe 3 or 4 laptops on a Friday or Saturday night. The model probably works cause the kind of atmosphere the coffee shop has - they have board games you can borrow, and there's almost always a group playing Scrabble, and usually a group playing Skip-Bo or some other card game. They also have two large bookshelves filled with books (it seems to be a popular site for people to release books from bookcrossing.com).

I'd imagine in a town of 50k, just plugging in a WAP would work fine. All these people suggesting traffic shaping, changing WEP keys daily, etc etc might want to consider that a social solution might work just as well as a technical one in this case.

ZyXEL ZyAIR B-4000 Wireless LAN Hot Spot Gateway

[sunryder]

Here is *exactly* what you need :
http://www4.tomshardware.com/network/20031016/i nde x.html

According to the review, it is a "802.11b Hotspot router aimed at the wireless-with-your-latte Mom 'n Pop store-owner. Includes receipt printer"

Re: block IP ports

[RT+Alec]

This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.

Re:No PC

[mengel]

If that happens, invest in a roll of steel screen or chicken wire hooked to a ground wire...

Just put it between you and the neigbor where it won't block your customers.

Just one 'b' card and the entire 'g' network slows

[kenjib]

One thing to consider is that there is a problem with using a 802.11g card in that the backward compatibility with 802.11b works such that only one standard can be in use at a time. So, a single 802.11b NIC on the wireless network will make the router drop to 802.11b standard and all of the 802.11g NICs will be stuck with the slower speed as well. This means you only get the added speed gains for 802.11g if every single device in range is using that standard. I believe the manufacturers are looking into addressing this with a possible firmware upgrade, but I'm not sure where that stands currently.

Re:No PC

[mike260]

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

It should be pretty easy to spot this kind of thing...keep an eye out for out-of-hours connections to the wireless access point and block their MAC address.

dirt cheap and easy... just like i like my girls

[thoolihan]

This shouldn't be too hard. Let's look at the issues:

PC (FOR CONTROL) - the owner probably already has one. spreadsheets for payroll etc. Many ap's can be controlled with just a browser.
TECH SUPPORT (FOR CUSTOMERS) - don't do it. free internet access, but customers must set themselves up. Besides, if someone is lost, they could always ask someone else with a laptop to give a hand.
SECURITY - two options. As many have pointed out, WEP Key on receipt. Or, just have open access (sounds crazy, but so is anybody who submits sensitive information to a non SSL page). Either way, have a disclaimer posted.
QUOTAS (referencing the Kazaa statemnt) - port blocking would be easier. Still, I would wait and see if this is really an issue.
MONTHLY COST OF INTERNET ACCESS - That's the real cost that matters to the owner. That and whatever you charge him to support the thing.

-t

Go cheap

[anaphora]

I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.

Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.

Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.

Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.

Re:Why is every "Ask Slashdot" completely stupid?

[BenjyD]

Yes, it is possible to get answers to many of the questions with google. But why not Ask Slashdot? The Slashdot readership is still, despite a lot of wannabes, in general extremely knowledgeable. I imagine many other readers have implemented this kind of thing and have (*gasp*) real-world experience of how this sort of thing works out. Good luck finding that on Google anywhere but on mailing lists and Slashdot.
By posting on the Slashdot front page and collecting a few hundred comments, the story poster gets his question answered many times over, and everyone else considering implementing this gets a large page of ideas.

nocat.net

[SenatorTreason]

Check out these folks. They have everything you need for your purposes. Here is their wiki for some more info about the actual softare involved..

Provide 802.11 but no AC outlets

[Bretski]

That's a trick a local coffee shop uses here. Free network so you'll stay an hour or two, but you can't charge your laptop to stay longer than that!

Misleading write-up

[Nexus7]

It's misleading to quote this $10 number for Starbucks. Monthly all-you-can-eat is $30 ($20 for T-mobile cell phone subscribers). For this price, you're getting the use of every Starbucks and Borders hot-spot out there and you know there are a few around. If you're in any place of a reasonable size, you know you can find one pretty easily, and you know you can hop on with no hassles. If you go by the hour, then sure you're going to pay more, but unless you surf like once a month, you're not going to go that route. That'd be for people on travel and it's worth more that $10 to the business for the connectivity.

There are many things family-owned coffee-shops are good or better for, but let's not knock *$ gratuitously. And there are things definitely lacking in *$ HotSpot service, but clearly you're not interested in addressing connectivity issues, you're interested in a business model for hot-spot service. And to qualify that, the issues with HotSpot service are mainly due to it being platform-independent (read "works with Linux").

Check out Mountain View Coffee shop

[HgAtIDesignDotNet]

This one seems to work with exactly your concept in a large city: http://www.live.com/danastreet/

OP: Here is a fun tip -

[Glonoinha]

Whatever else you do, change the default password on the router.

College Perk in College Park

[TheSync]

The College Perk coffeehouse in College Park, MD, has free wireless.

Another place in the area told me "we don't have wireless because I don't want people coming in and just using the Net and not buying anything."

OK, well, guess where I buy my coffee now?

Also at College Perk, I organized a Chat with the Baghdad Internet Cafe that brought in many customers.

Donation Jar for upgrade

[InfiniteWisdom]

How about this... start out with a b access point which, as others have mentioned you can pick up for $20 or so. Have a little jar soliciting donations for an upgrade. If enough people are interested you'll soon have the cash for a new accesspoint.

As I recently discovered when I counted the change that had accumulated in the coin compartment in my car, bouncing back loose change can add up pretty quick.

Your mom.

[Heisenbug]

Yo momma has a wireless laptop.

At least, mine does. So does anyone else who has a recent Mac. She might well wind up in such a place, if she was travelling with her laptop, which of course she does -- and in that case, she would surely be able to handle a simple web proxy form, but not a WEP password.

Re:Your mom.

[Golias]

... So does anyone else who has a recent Mac...
... she would surely be able to handle a simple web proxy form, but not a WEP password.

Have you ever used a Mac's "Airport" connection with a WEP!? It's less work that setting up web proxy settings.

Re:Your mom.

[KevetS]

Mod parent up. I'm not sure about configuring WEP on a PC, but on my Powerbook if there's a wireless network in range that I'm trying to join (Airport menu -> name of wireless network) and it doesn't already have the WEP key stored in my keychain, it will pop up a window asking me what the proper key is (along with a drop menu to choose which level of encryption). Simply type in the key, hit ok and *gasp* it's working!

All incrediby easy if you can 1. connect to a wireless network and 2. read.

Yep - you're making it WAY too complicated

I used to hang out in a coffee shop called Bean Trader's in the Durham area, which has had free Wi-Fi at two locations for about a year and a half now. You should definitely check it out if you're in the area. Or, if you just want advice, call the owners, Dave and Christy, they are very friendly, and I'm sure they would be happy to tell you about their real-world expierience with this. (Tell them David and Amber say "hi.")

The owners are NOT techies, and installed Wi-Fi in their forst location basically as a favor for me and another customer (since then I moved, and he went to jail, but that's another sotry). Since then, however, thay have had no trouble maintaining it themselves, and have found it so successful, that they are planning to make it a permanent fixture at every store they open in the future.

Here's the formula they have found sucessful: A DSL connection for broadband internet (though a cable connection should work as well), and a combination wireless router/access point (they use Apple AirPorts, but there are cheaper models which would work fine too). That's it.

Yup, you heard me right - they don't even have a computer! The Wi-Fi is wide open, 24-7, for everyone to use for free. If the connection drops, they unplug the router and plug it back in, and if it that doesn't fix it, they call the DSL company and have them fix it. It cost them about $100 to start (for the router), and $50 a month for the access. They've told me that the increased business has paid for those expenses MANY times over, so even while their customers see it as a gift, the truth is it makes them lots of money. They have had almost no trouble at all with people hogging the line, or any of the other things which you might expect to go wrong.

And that business model actually makes sense if you think about it. Consider McDonalds playlands, for example. McDonalds is ALL about making money, yet the playlands are free. Why? Wouldn't it be more logical to charge a small fee to cover the cost of the playland? Logical, perhaps, but not profitable. Making the playland free brings more customers into McDonalds, and they make far more moneyu selling food to those customers than they ever would if they charged admission to the playland. It's the same deal at a coffee shop. Just think of Wi-Fi as a playland for adults, and the business model is identical.

Also, making it free has other perks for the business owner. When people pay for something, they expect a certain level of service. But it's not reasonable to expect coffee servers to do tech support of any kind. When the service is free, if someone has a technical problem, the server can say "sorry, its free, so we don't support it - try asking one of the other customers." I know it sounds odd, but it actually works well. When I used to hang out there, just a customer myself, I probably helped someone new configure their laptop wireless card at least two or three times a week. And it was a great way to break the ice and meet new people too.

Trust me, just throw a router/access point on a broadband connection and call it done. I've seen it first hand, and it works better than you think.

Re:Yep - you're making it WAY too complicated

[leapis]

You can probably go with 802.11b to do this, too. There is not a DSL or cablemodem link that you can get which is going to saturate a 11 Mbps 802.11b, and I have yet to see an a/g card on the market which is not backwards compatible with b. When in doubt, definately go with the most reliable technology, as b has been out the longest and its implementations seem to have the fewest problems.

Friendliness vs. Paranoia - the More Coffee Model

[billstewart]

The business model for coffee-shop wireless isn't the tip jar - it's the $3 latte, and the extra coffee people drink while they're hanging around using it, and the extra pastries. That's also why you've got the newspapers, the comfy chairs, the shelf of Really Bad Science Fiction books, the chess set. If you've also got a PC in the corner for people who didn't bring their lap top, maybe charge for using that.

WEP isn't necessary for your customers - the main reason coffee-shops use it is to restrict access to paying customers, and you're not doing that - you're selling them friendliness and coffee and chair space and pastries that aren't too sticky to eat next to a computer. If you've got an issue with one of your neighbors sucking down bandwidth, that's different, of course, but setting WEP is an obstacle for users, especially if they've got their own WEP settings for their home or office.

Security and quotas are less necessary than you'd expect, as long as your DSL ISP is good. Start open, and maybe monitor usage and see what problems you get, rather than starting locked down tight, i.e. use your router's security features rather than buying a PC to start with, unless you also want to have the PC for customers who don't bring laptops. (And if your ISP is the uptight, policy-heavy types, running free or especially paid wireless in your store probably violates their policies, plus they're probably already restricting SMTP.) For consumer DSL ISPs, I'm quite happy with sonic.net, Speakeasy's also good and has nationwide coverage, and ever Earthlink's not too bad. Business DSL providers will charge a bit more, and tend to have flexible policies. Cable Modems are a much better match technically, but are run by terminally clueless paranoids who don't understand their business models, so you can't use them except maybe with a higher-priced business-class service.

You're unlikely to have much problem with spammers - geeks hate them, and have fun imagining scenarios like drive-by spammers, but in a small town, it's more of a know-your-customer thing. If you're in a college town, or get lots of high-school kids, you may need to worry more about crackers using your system. On the other hand, you need to leave things open for gamers, and the problem there is making sure the high-school kids keep buying enough drinks to make up for chair space. KaZaa's not really much of a problem, as long as your ISP doesn't ban it, because users are transient enough that they won't be doing much uploading, just leeching.

yes they are

[SethJohnson]

Here's a couple observations from the time I've spent in some of Austin's free wireless cafes (Flightpath and Bouldin Creek Coffee Shop)...

Another benefit of free access is that the employees of the coffee shop don't have to provide any form of technical support for the service. If it don't work, oh well.

Speaking of the employees, I don't think it's a very good idea to use the tip jar you described "FOR THE SUPPORT OF OPEN INTERNET ACCESS". This competes with the tip jar for the employees. Not nice and also likely to be pilfered by the employees.

Re:Don't Allow VPN Access !

[ckaminski]

Traffic is traffic. They're there to buy/consume your product and fill seats encouraging people to congregate in your store. You want to stop the trouble makers (nessus runners, rootkit script-kiddies, and guys outside in cars hijacking your connection to attack www.whitehouse.gov).

802.11a vs. 802.11b/g

[jroysdon]

I'd never consider 802.11a at this point, the marketshare is all in 802.11b.

So, the next question is, should you go 802.11g (~54mbit), which is backward compatible with 802.11b?

How fast is your internet access going to be? Is it even going to be faster than 802.11b will provide (11mbit)? If users want to do laptop to laptop transfers, they should just use a crossover ethernet cable (100mbit). Hint: Most ADSL is 384kbit and will let you grab ~1mbit when things aren't busy at the ISP. 1mbit is "fast" for most folks.

IHMO, the owner should just see is as a way to increase his customer base for his existing revenue model, and have a cool thing to do when things are slow (but need to keep the other employees in check if things aren't getting done and he's not there all the time).

Futher, I'd suggest a caching engine like Squid, which can help with content filtering as well (say for employees, make them login before they can surf so you can track their time, etc.). Squidguard is my filter preference for filtering and there are many free content DBs online.

I'd be filtering porn sites, probably gambling, probably hate sites, etc., as I'd not want one customer offending another with graphic images. Of course, you could say MYOB and tell the guy to sit where no one can see his laptop, whatever...

NoCat is a good authentication model as well just so you can track folks in case something illegal is taking place.

m0n0wall

[adamsc]

You can setup a Soekris box running m0n0wall and do everything in a single small box with no moving parts. Alternately you can save some cash using an old PC and either a CD-R or some sort of bootable flash drive.

It's embedded FreeBSD and will do all of the basic AP functions plus firewalling, traffic-shaping to keep P2P hogs from becoming nuisances, local DNS registration, etc.

Re:No PC

[sootman]

"...keep an eye out for out-of-hours connections..."

Or, better yet, unplug* the WAP at night--100% hackproof!

* even easier to maintain: put it in an outlet that's connected to a wall-mounted lightswitch-style switch. At night, turn it off with the lights.

Finances

[FuegoFuerte]

Whatever you do, get the money first (from the coffee shop). I was going to set up wireless access for a local coffee shop, bought a (really inexpensive) PC to set it all up with, started work on the PC (software configuration, etc), and then the owner never went through with her half of the deal, which was to get the DSL installed (I even have her the number to call and the plan to ask for). Eventually, it ended up I never got the money for the PC (but I sold it to someone else for what it cost me, so no huge loss except time) and the system never got installed. The coffee shop still has no wireless access, and the coffee's become more expensive than anywhere else in the area so I no longer go there.

Moral of the story: Get money first. Make sure the owner is really going to follow through with the idea. If they aren't comfortable giving you money first, make sure you have some kind of written agreement showing they know how much it will cost and agree to pay you that amount.

watch for lawsuits!

[iamhassi]

When I went to the library a week ago to use the internet I had to sign an agreement basically stating I wouldn't sue the library for any information I found online.

I laughed, but they were completely serious. Apparently libraries have been sued before because of the content of the internet! But if the library installs filters, they violate first admendment rights.

I know this doesn't help with your decision, but you might want to have some sort of disclaimer up stating the cafe is not responsible for the content of the internet.

Re: Why block IRC

[RT+Alec]

We thought about this one. In my experience, IRC is used as a conduit for zombies, viruses, and the like far more than it is used for people chatting. To be specific, I have noted blocked IRC traffic (ingress and egress) in the firewall logs, yet never once had anyone complain that something was not working. This includes several office environments where I have set up the network, including the firewall. I figured the one or two people who need (or even want) it would shout about it and I would let their machine through. But to date, not one such request.

In the situations where I could examine the internal computers that were attempting to connect via IRC ports, I always found them loaded with spyware and/or viruses. Always. A round with an up to date anti-virus tool, as well as Ad-aware or Spybot, and the IRC traffic ceased.

I have nothing against IRC, but my experience has been that not many people use it. If you come down to Lake Anne, let me know and we'll see what we can do. I opened up the VPN ports and protocols after someone requested it, and it made sense.